I use a transparent firewall with a bridge because my network contains only valid IP addresses, and I don't think it is necessary to route traffic twice. My layer 3 switch on the border is robust equipment and I want to eliminate OSPF from the firewall.

I want to implement a secondary firewall host, to make them redundant in the case of a failure. In the future, I will also duplicate the L3 switches with a stack module, since I have only one connection with the ISP (for now).

How should I implement these 2 transparent firewalls and make them redundant with no human intervention? I have seen a lot of alerts on using CARP with this scenario, but something has to be configured, or it will create a loop on the network. Is Spanning Tree the best solution to implement redundancy? How about the State Table of traffic?
